Category Archives: Sonatype Says

Sonatype applauds GitHub’s approach to encourage OSS license selection


July 18, 2013 By
Derek Weeks

GitHub’s move to encourage developers to select an open source license for source code published to GitHub highlights the need for organizations to properly manage license concerns. The Central Repository, sponsored by Sonatype, has long since required license information for binaries that are  added, but encouraging license selection as part of the source code process […]

Continue reading...

Join Us for Nexus Live: Profiling your Nexus installation using JMX


July 12, 2013 By
Emily Blades

Wondering what’s new in Nexus? Just ask the experts. Join Brian Fox and Richard Seddon for Nexus Live next Wednesday, July 17, 2013 from 12:00PM-1:00PM EDT (GMT-0400) to: Learn how to profile your Nexus installation using JMX Ask questions live and get answers from top community contributors and respected Nexus professionals How to join: No […]

Continue reading...

Announcing CLM 1.5: New release simplifies policy management


July 11, 2013 By
Derek Weeks

At its core, Sonatype CLM uses policies to manage component usage. Policies provide automated guidance and enforcement throughout the software lifecycle, allowing for direct, stage-appropriate actions. For example, developers can be warned early in the IDE with little consequence, while applications, ready to be released, can be failed to protect production systems. Since policy actions […]

Continue reading...

Do Vulnerability Counts Really Matter?


June 20, 2013 By
Ryan Berg

Do vulnerability counts from sources like the National Vulnerability Database (CVE data) and Open Source Vulnerability Database (OSVDB) really matter? A recent article by Robert Lamos at darkREADING, questioned the usefulness of the metrics generated by these reports since the counts don’t add up. Looking at the trends, it’s been easy to see that vulnerabilities are increasing, but […]

Continue reading...

How Will you Manage the New Addition of A9 to the OWASP Top 10 List?


June 18, 2013 By
Jessica Dodson

It’s fair to say we were excited back in May when the OWASP community proposed A9 “ Using Components with Known Vulnerabilities” as a top 10 open source security risk – so now it’s official, component vulnerabilities are considered a critical web security flaw. But why has this addition warranted its own category, formerly classified […]

Continue reading...

See the Great Battle of Security and Speed at the Gartner Security & Risk Management Summit


June 6, 2013 By
Emily Blades

Once upon a time…there was a great battle between Speed and Security. Development wanted to go fast, but security wanted to slow down and be safe. Sound familiar? Modern applications are no longer written entirely from scratch using custom code, they are assembled from open source components using a relatively small amount of custom code […]

Continue reading...

Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.


May 27, 2013 By
Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This isn’t probably something you consider often since one of the benefits of having a repository manager is enforcing component standards. But as you […]

Continue reading...

New Webinar: No Way! Security & Compliance Can Speed Development


May 13, 2013 By
Emily Blades

Date: Tuesday, May 7, 2013 11:00AM-11:45AM EDT (GMT-0400) The business expects more! You have turned to agile development practices and components to deliver. You’re not alone…research shows 80% of modern applications consist of components, many of them open source. On the flip side, 57% of organizations aren’t managing components effectively. Enter security and compliance; once […]

Continue reading...